Security can no longer be an afterthought when it comes to the computing devices used by your company — and this is why Samsung Knox, which is built into Samsung Galaxy smartphones from the chip up, is the best choice for protecting your work phones.
The Samsung Knox platform is changing the way mobile-first organizations approach security by inherently protecting devices at the hardware level, while also giving IT administrators the ability to customize and enroll devices at scale without facing rudimentary challenges throughout the process.
Knox provides a robust superset of features on top of the basic Android platform to fill security and management gaps, resolve pain points identified by enterprises and meet the strict requirements of highly regulated industries.
So what does that mean for your enterprise? Knox protects your data and meets your organization’s security and compliance requirements by providing solid platform integrity, strong data protection and fine-grained policy enforcement.
Knox, however, isn’t just a security protocol. It seamlessly activates and manages platform features through an Enterprise Mobility Management (EMM) system, and flexibly supports infrastructure, deployment and management requirements through centralized remote device control, advanced VPN management, app whitelisting and blocklisting and granular policies that control all aspects of Samsung devices.
What’s more, you can effectively upgrade from Android Enterprise, leveraging a comprehensive set of Knox platform benefits without affecting existing deployments. You can also securely deploy the innovative Samsung DeX mobile desktop solution, which unifies mobile and desktop computing on one device, in new work environments.
The Full Stack
From the minute your smartphone is powered on, Knox keeps it safe through a multilayered approach to security that begins in the factory.
Samsung creates a device root key and a device-unique hardware key at the point of manufacture. These are public/private key pairs, unique to each device, that are created and stored in a part of the CPU known as the Trusted Execution Environment (TEE). Access to this zone and the information stored in it is tightly regulated. These keys form the basis of the rest of the features that Samsung provides through its security platform.
As a device boots up, a secure boot certificate is used to ensure each component came directly from Samsung. These digital certificates are created by Samsung at the factory and stored in the TEE. They’re used to verify digital signatures on software, specifically boot components.
Taken together, these hardware-based security checks are known as the hardware root of trust.
While Secure Boot ensures the software loading on a phone has come from Samsung, it cannot distinguish between a bootloader with a known vulnerability and a later, patched version. This is where Trusted Boot comes in. Trusted Boot checks each module in the boot process to ensure it is valid. As another layer of protection, it will also blow a tamper-evident fuse if it detects an unauthorized modification.
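The difference between the two checks, as an added example (not Samsung's code and not part of the original article): a signature-only check accepts any vendor-signed bootloader, while a version-aware boot refuses an outdated one and sets a one-way tamper flag on a modified image. HMAC stands in for the vendor's certificate-based signature, and `Device`, `min_version` and the sample images are constructed for illustration; how Knox implements these checks internally is not described here.

```python
import hashlib
import hmac

# Constructed key. HMAC stands in for the vendor's certificate-based signature
# so the example runs offline with the standard library only.
VENDOR_KEY = b"constructed-demo-key"


def sign(version: int, payload: bytes) -> bytes:
    # The version is covered by the signature so it cannot be edited afterwards.
    blob = version.to_bytes(4, "big") + payload
    return hmac.new(VENDOR_KEY, blob, hashlib.sha256).digest()


def secure_boot_ok(version: int, payload: bytes, signature: bytes) -> bool:
    """Signature-only check: proves origin, ignores how old the image is."""
    return hmac.compare_digest(sign(version, payload), signature)


class Device:
    """Hypothetical model of a version-aware boot with a one-way tamper flag."""

    def __init__(self, min_version: int):
        self.min_version = min_version  # assumed rollback floor
        self.fuse_blown = False         # once True, never reset
        self.measurements = []          # (name, sha256) of stages that loaded

    def boot(self, stages) -> bool:
        self.measurements = []
        for name, version, payload, signature in stages:
            if not secure_boot_ok(version, payload, signature):
                self.fuse_blown = True  # modified image: record it permanently
                return False
            if version < self.min_version:
                return False            # vendor-signed but outdated: refuse
            self.measurements.append((name, hashlib.sha256(payload).hexdigest()))
        return True


# Constructed sample images: an old signed bootloader, its patched successor,
# and a copy of the patched one whose payload was altered after signing.
OLD = ("bootloader", 1, b"bl-v1", sign(1, b"bl-v1"))
PATCHED = ("bootloader", 2, b"bl-v2", sign(2, b"bl-v2"))
TAMPERED = ("bootloader", 2, b"bl-v2-modified", PATCHED[3])
```

The recorded `measurements` list is the kind of evidence an attestation service would compare against known-good values before trusting the device.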
At this point, Android is up and running, and while the OS conducts its own set of checks to ensure the software being loaded hasn’t been tampered with, Knox provides an additional layer of protection with its TrustZone-based Integrity Management Architecture (TIMA).
TIMA, which runs inside the protected TEE, provides a wide variety of security services, including attestation, a trusted user interface, KeyStore and Client Certificate Management, as well as real-time kernel protection (RKP) and periodic kernel measurement (PKM).
The protections afforded by Knox extend all the way up to the application layer. The platform allows for the easy separation of personal and work data through containerization. For those working in highly regulated industries, such as government or finance, Knox Platform for Enterprise provides an encrypted container to isolate business applications and data. All information, whether personal or business, is encrypted using the cryptographic keys stored in the hardware.
A Feature for Every Need
The Knox platform isn’t just a set of hardware tools to protect vulnerable devices; rather, it encompasses every step of the mobile environment’s rollout, configuration and deployment.
For all Samsung Galaxy devices, including the recently unveiled, super powerful Galaxy Note9, the Knox platform brings with it:
Knox Manage: Samsung’s EMM platform offers all device administration capabilities from a single, remote console, enabling device management and a seamless deployment process.
Knox Configure: Knox Configure lets IT administrators remotely configure a large number of Samsung devices and tailor them to specific business needs.
Knox Mobile Enrollment: Knox Mobile Enrollment (KME) automatically enrolls smartphones and tablets — at scale — to a company’s existing EMM to ensure end-to-end management of devices from the minute they’re powered on.
E-FOTA: Samsung E-FOTA, or Enterprise Firmware-Over-The-Air, lets IT administrators choose an OS version to ensure compatibility with in-house apps and seamlessly push security updates and patches.
This level of care and attention is why Samsung Knox is consistently rated at the top of its field. With the dependability to keep your data safe, and the flexibility to customize for your enterprise, it’s the perfect fit for the modern connected business.